Lucene search
GitHub Advisory DatabaseGHSA-2JRM-GWW7-WCH2HistoryMay 24, 2022 - 5:40 p.m.
Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration
2022-05-2417:40:31
CWE-94
CWE-829
GitHub Advisory Database
github.com
2
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | lt | 3.10.1 | |
| moodle/moodle | lt | 3.9.4 | |
| moodle/moodle | lt | 3.8.7 | |
| moodle/moodle | lt | 3.5.16 |
Related
osv
osv
BIT-moodle-2021-20187
2024-03-06 11:11:07
CVE-2021-20187
2021-01-28 19:15:13
prion
prion
Authentication flaw
2021-01-28 19:15:00
cvelist
cvelist
CVE-2021-20187
2021-01-28 18:30:03
cve
cve
CVE-2021-20187
2021-01-28 19:15:00
ubuntucve
ubuntucve
CVE-2021-20187
2021-01-28 00:00:00
openvas
openvas
nessus
nessus
Moodle 3.5.x < 3.5.16 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 3.10.x < 3.10.1 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 3.8.x < 3.8.7 Multiple Vulnerabilities
2023-02-20 00:00:00